5374067c96c4e8a59abde4a3f045122e0ac6032e625fccaaa283be6d1461b399 | Triage

Analysis

max time kernel
13s
max time network
905s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
16-02-2025 17:00

Sharing

Report Analysis Logs

General

Target

Ahmyth-aligned-debugSigned.apk
Size

293KB
MD5

b61a1d00aeff285cc431240812842b11
SHA1

fe19925c10490943cdaa71b8d3cad773171bceeb
SHA256

5374067c96c4e8a59abde4a3f045122e0ac6032e625fccaaa283be6d1461b399
SHA512

f9c31fd3fba8be02de90097d8511d90320bd8c42a721127e109631e0c300e139dfb7f4089e4ec1cbde4edddda9c2b18d82d3b1b7ae1cab642df369db96ff4843
SSDEEP

6144:T7Cv+PMenyQyVyE2LjVR9GEvW63BgwJLzD7PHbDfOLB:TOsMenyO3V2wW63uSXDLPk

Score

6^/10

defense_evasion impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

Account Access Removal

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4532

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Replay Monitor

Loading Replay Monitor...

Downloads